In this blog we shall discuss methods or process needed to change passwords of managed products by vRSLCM using locker API's
In all below API calls where mentioned
{{idmurl}} is the VMware Identity Manager's hostname
(e.g idm.domain.example)
{{lcmurl}} is the vRealize Suite Lifecycle Manager's hostname
(e.g https://lcm.domain.example)Aquire Session Token ( vIDM )
Request
Method: POST
Request: {{vidmurl}}/SAAS/API/1.0/REST/auth/system/login
Headers:
Content-Type: application/json
Accept: application/json
Request body:
{
"username": "configadmin",
"password": "configadmin_password",
"issueToken": "true"
}Response
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<userSession>
<admin>false</admin> <sessionToken>eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJqdGkiOiIwN2VlNDQ0My0yYzYzLTRkNmQtODk4ZC1kY2UzZjQzNDZkYWYiLCJwcm4iOiJjb25maWdhZG1pbkBJRE0iLCJkb21haW4iOiJTeXN0ZW0gRG9tY**********3_qehterCBvH60n_ecUx4tweMj6byOorhEcFBfgCgG5LxDUDKH5Da9XaPmBsOF5qcozCz9YWdJciuwGtCGUxdow2zhdwfVGb-uNk71QyUET6fSh1G-JQCn41K_8rJ4tgtRX8ETm--BGLY9fy5g</sessionToken>
</userSession>A cookie is set in this case as wellThis session token has been placed under environment details as variable
Aquire LCM Auth Token (admin@local)
Request
Method: POST
Request: {{lcmurl}}/lcm/authzn/api/login
Authorization: Basic Auth
username: admin@local
password: ******
Response
A cookie is created and response code is 200As one can see there are two cookies set , one for idm based authentication and the other for lcm local auth
Fetch Environment Details
We shall use this API to fetch environment details in which the product is present
Request
Method: GET
Request: {{lcmurl}}/lcm/lcops/api/v2/environments?status=COMPLETED
Response
[
{
"environmentId": "globalenvironment",
"environmentName": "globalenvironment",
"environmentDescription": "",
"environmentHealth": null,
"logHistory": "[ {\n \"logGeneratedTime\" : 1657682435109,\n \"logLocation\" : \"https://lcm.cap.org/repo/logBundleRepo/environment/globalenvironment/log-globalenvironment-1657682435109.tar.gz\"\n} ]",
"environmentStatus": "COMPLETED",
"infrastructure": {
"properties": {
}
},
"products": [
{
"id": "vidm",
"version": "3.3.6",
"patchHistory": null,
"snapshotHistory": null,
"logHistory": null,
"clusterVIP": null,
"nodes": [
{
"type": "vidm-primary",
"properties": {
"hostName": "********",
"cluster": "********",
"esxHost": "********",
"memory": "**",
"diskMode": "***",
"vCenterHost": "******",
"storage": "****",
"network": "*****",
"capacity": "***",
"vidmRootPassword": "locker:password:b1ed53c1-c6c2-4422-ba3c-68f39b33a04a:dummyalias",
"vidmSystemAdminPassword": "locker:password:17e1d72f-2a2d-4105-ba13-ba26b62473ee:installerPassword",
"enableTelemetry": "false",
"affinityRules": null,
"__vMoid": "vm-43",
}
},
{
"type": "vidm-connector",
"properties": {
}
}
],
"collectorGroups": null,
"properties": {
*
*
"vidmAdminPassword": "locker:password:17e1d72f-2a2d-4105-ba13-ba26b62473ee:installerPassword",
"enableTelemetry": "false",
"defaultConfigurationPassword": "locker:password:17e1d72f-2a2d-4105-ba13-ba26b62473ee:installerPassword",
*
*
*
"certificate": "locker:certificate:6d7a83c9-40c6-42f8-9d6b-af75227b3689:idm"
}
}
],
"metaData": {
"isCloudProxyEnvironment": "false"
}
},You will get a json response with all the environment and product data. Look at the screenshot for more information.
Based on the environment and the product you have selected to change specific account passwords , those data can be aquired from this response
Get the root password from the product
As an example in this blog , we will choose to change root password of vIDM
Based on the above response we got the the environments api , we will collect current root password of vIDM and keep it aside
So that would be
"vidmRootPassword": "locker:password:b1ed53c1-c6c2-4422-ba3c-68f39b33a04a:dummyalias"We can confirm that from UI too
If you look at the syntax on how it's stored
"vidmRootPassword": "locker:password:vmid:locker_alias"
"vidmRootPassword": "locker:password:b1ed53c1-c6c2-4422-ba3c-68f39b33a04a:dummyalias"
Get the Password using VMID
Now let's get the details of the password using the extracted vmid by using following API
Request
Method: GET
Request: {{lcmurl}}/lcm/locker/api/v2/passwords/details/<vmid>
Response
{
"vmid": "b1ed53c1-c6c2-4422-ba3c-68f39b33a04a",
"tenant": "default",
"alias": "dummyalias",
"userName": "dummy",
"password": "PASSWORD****",
"passwordDescription": "dummypassword",
"createdOn": 1664436058965,
"lastUpdatedOn": 1664436058965
}
View Password
To view the password use the below URL
Request
Method: POST
Request: {{lcmurl}}/lcm/locker/api/v2/passwords/details/<vmid>
Response
{
"passwordVmid": "b1ed53c1-c6c2-4422-ba3c-68f39b33a04a",
"password": "Dummy123!"
}
Create New Password object in Locker
Here's the API to create an object in locker. It's a post call. In the response your returned with the vmid of the password object which has been created
Request
Method: POST
Request: {{lcmurl}}/lcm/locker/api/v2/passwords
Response
{
"vmid": "deab31fa-ea7a-452b-a0ad-a5daa5bb4126",
"tenant": "default",
"alias": "vidmroot071022",
"userName": "root",
"password": "PASSWORD****",
"passwordDescription": "vidmroot071022",
"createdOn": 1665147383168,
"lastUpdatedOn": 1665147383168
}
We can check the new password in the UI as well
Update Password
As an example , we shall consider root password of vIDM to be changed
Request
Method: PUT
Request:{{lcmurl}}/lcm/lcops/api/v2/environments/{{envid}}/products/{{idmprodid}}/nodes/{{nodetype}}
Note: the above request url should be properly replaced by appropriate values
This URL is used to change root password for vIDM node
{{envid}}: "globalenvironment"
{{idmprodid}}: "vidm"
{{nodetype}}: "vidm-primary"
We need to compile body of the request
Remeber from the previous API , we've collected the current password and also stored the vmid of the new password onject we created to apply as a new root password
{
"currentPassword": "locker:password:b1ed53c1-c6c2-4422-ba3c-68f39b33a04a:dummyalias",
"hostName": "{{nodehostname}}",
"newPassword": "locker:password:deab31fa-ea7a-452b-a0ad-a5daa5bb4126:vidmroot071022",
"userNameToUpdate": "root"
}
Remember the {{nodehostname}} is the node for which the password is being changed. If it's a cluster , this has to be executed thrice on each node to maintain consistency
Once we submit the request , as a response a request id is sent which can be tracked too
The request id can be polled using following API
Request
Method: PUT
Request:{{lcmurl}}/lcm/request/api/v2/requests/<requestId>Response
In the UI you may see the request to update password is now complete for root
In similar manner if you want to change admin password of vIDM then you have to do following.
Remeber the API would change it's not going to be same
Request
Method: PUT
Request:
{{lcmurl}}/lcm/lcops/api/v2/environments/{{envid}}/products/{{idmprodid}}/admin-password
Note: the above request url should be properly replaced by appropriate values
This URL is used to change root password for vIDM node
{{envid}}: "globalenvironment"
{{idmprodid}}: "vidm"
{{nodetype}}: "vidm-primary"
Request Body
{
"adminPassword": "locker:password:deab31fa-ea7a-452b-a0ad-a5daa5bb4126:vidmroot071022",
"currentAdminPassword": "locker:password:17e1d72f-2a2d-4105-ba13-ba26b62473ee:installerPassword"
}I will replace the values in the body with appropriate values
Then execute the API
If you poll the request you can see whole lot of details. If it's a failure then stop polling
You may now see the request created and completed in UI .
Delete Password
To delete the password , one can use the following API
Request
Method: DELETE
Request: {{lcmurl}}/lcm/locker/api/v2/passwords/<vmid>
I'll get the vmid from the url or from the api as shown before
Response
{
"vmid": "b1ed53c1-c6c2-4422-ba3c-68f39b33a04a",
"tenant": "default",
"alias": "dummyalias",
"userName": "dummy",
"password": "Dummy123!",
"passwordDescription": "dummypassword",
"createdOn": 1664436058965,
"lastUpdatedOn": 1664436058965
}
In this manner if you know the API's and appropriate values to substitute you should be able to programatically change passwords on any products managed by vRSLCM 8.x
Comments